How to configure LDAP_USER_ETL.job

datahub-project / datahub

The Metadata Platform for your Data Stack

https://datahubproject.io

Apache License 2.0

9.71k stars 2.87k forks source link

How to configure LDAP_USER_ETL.job #637

Closed wenhuaOpenx closed 4 years ago

wenhuaOpenx commented 7 years ago

Can you give more detailed explanation about the attributes in LDAP_USER_ETL.job file please? And the format of the value of some attributes, such as ldap.search.return.attributes, ldap.group.search.return.attributes

Thanks!

wenhuaOpenx commented 7 years ago

We've set up LDAP authentication in frontend application.env file, and it works well to login via LDAP account. (We manaully add user ldap account to 'users' table) But in the backend side, the ldap etl job breaks because of authentication error. We're not sure if the format of the field value is correct, please advise.

This is what we write in the LDAP_USER_ETL.job file:

ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory ldap.context.provider.url=ldaps://corp.openx.com:[PORT#] ldap.context.security.principal=CN=Wenhua Wang,CN=wenhua.wang,OU=Users,OU=MenloPark,OU=US,OU=OpenX,DC=corp,DC=openx,DC=com ldap.context.security.credentials=[PASSWORD]

Job error: javax.naming.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580^@]

mars-lan commented 7 years ago

ldap.context.security.principal should be the actual user name. Perhaps something like "openx\wenhua"

wenhuaOpenx commented 7 years ago

Thanks @mars-lan
Here are the format of configs we use in LDAP_USER_ETL_JOB file. It works well now.

Assume that: org name = company_1 ldap url = corp.company_1.com:636 ldap account = wherehows ldap password = wherehows_pwd

LDAP_USER_ETL_JOB: ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory

ldap.context.provider.url=ldaps://corp.company_1.com:636

ldap.context.security.principal=company_1\\wherehows

ldap.context.security.credentials=wherehows_pwd

ldap.search.domains=["DC=corp, DC=company_1, DC=com"]

ldap.search.return.attributes=["SamAccountName", "mail", "Name", "DisplayName", "Title", "EmployeeNumber", "Manager", "mail", "departmentNumber", "Department", "HireDate", "mail"]

keremsahin1 commented 4 years ago

Dear issue owner,

Thanks for your interest in WhereHows. We have recently announced DataHub which is the rebranding of WhereHows. LinkedIn improved the architecture of WhereHows and rebranded WhereHows into DataHub and replaced its metadata infrastructure in this direction. DataHub is a more advanced and improved metadata management product compared to WhereHows.

Unfortunately, we have to stop supporting WhereHows to better focus on DataHub and offer more help to DataHub users. Therefore, we will drop all issues related to WhereHows and will not accept any contribution for it. Active development for DataHub has already started on datahub branch and will continue to live in there until it's finally merged to master and project is renamed to DataHub.

Please check the datahub branch to get familar with DataHub.

Best, DataHub team